[GITEA] Fix NPE in UsernameSubRoute
- Backport of #1981
- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df
(cherry picked from commit f0e06962786ef8c417b0c6f07940c1909d3b91ba)
(cherry picked from commit 75d806690875a4fc38eb1e3c904096be34657011)
(cherry picked from commit 4d0a1e0637450865c7bbac69e42d92d63b95149c)
(cherry picked from commit 5f40a485da1b2c5f129f32e2ddc2065e3ba9ccd0)
(cherry picked from commit c4cb7812e39add6f7ff3d6f3f2d4e02c66435f0e)
This commit is contained in:
Gusted
parent
b1b3ba8013
commit
3c7a955f05
2 changed files with 23 additions and 11 deletions
|
|
@ -841,12 +841,15 @@ func UsernameSubRoute(ctx *context.Context) {
|
|||
reloadParam := func(suffix string) (success bool) {
|
||||
ctx.SetParams("username", strings.TrimSuffix(username, suffix))
|
||||
context_service.UserAssignmentWeb()(ctx)
|
||||
if ctx.Written() {
|
||||
return false
|
||||
}
|
||||
// check view permissions
|
||||
if !user_model.IsUserVisibleToViewer(ctx, ctx.ContextUser, ctx.Doer) {
|
||||
ctx.NotFound("user", fmt.Errorf(ctx.ContextUser.Name))
|
||||
return false
|
||||
}
|
||||
return !ctx.Written()
|
||||
return true
|
||||
}
|
||||
switch {
|
||||
case strings.HasSuffix(username, ".png"):
|
||||
|
|
|
|||
|
|
@ -246,16 +246,25 @@ func testExportUserGPGKeys(t *testing.T, user, expected string) {
|
|||
}
|
||||
|
||||
func TestGetUserRss(t *testing.T) {
|
||||
user34 := "the_34-user.with.all.allowedChars"
|
||||
req := NewRequestf(t, "GET", "/%s.rss", user34)
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
|
||||
rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
|
||||
title, _ := rssDoc.ChildrenFiltered("title").Html()
|
||||
assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title)
|
||||
description, _ := rssDoc.ChildrenFiltered("description").Html()
|
||||
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
|
||||
}
|
||||
defer tests.PrepareTestEnv(t)()
|
||||
|
||||
t.Run("Normal", func(t *testing.T) {
|
||||
user34 := "the_34-user.with.all.allowedChars"
|
||||
req := NewRequestf(t, "GET", "/%s.rss", user34)
|
||||
resp := MakeRequest(t, req, http.StatusOK)
|
||||
if assert.EqualValues(t, "application/rss+xml;charset=utf-8", resp.Header().Get("Content-Type")) {
|
||||
rssDoc := NewHTMLParser(t, resp.Body).Find("channel")
|
||||
title, _ := rssDoc.ChildrenFiltered("title").Html()
|
||||
assert.EqualValues(t, "Feed of "the_1-user.with.all.allowedChars"", title)
|
||||
description, _ := rssDoc.ChildrenFiltered("description").Html()
|
||||
assert.EqualValues(t, "<p dir="auto">some <a href="https://commonmark.org/" rel="nofollow">commonmark</a>!</p>\n", description)
|
||||
}
|
||||
})
|
||||
t.Run("Non-existent user", func(t *testing.T) {
|
||||
session := loginUser(t, "user2")
|
||||
req := NewRequestf(t, "GET", "/non-existent-user.rss")
|
||||
session.MakeRequest(t, req, http.StatusNotFound)
|
||||
})
|
||||
}
|
||||
|
||||
func TestListStopWatches(t *testing.T) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue